National Strategy for Information Sharing and Safeguarding
Citation The White House, National Strategy for Information Sharing and Safeguarding (NSISS) (Dec. 2012) (full-text). Overview This Strategy aims to strike the proper balance between sharing information with those who need it to keep our country safe and safeguarding it from those who would do us harm. While these two priorities — sharing and safeguarding — are often seen as mutually exclusive, in reality they are mutually reinforcing. This Strategy, therefore, emphasizes how strengthening the protection of classified and sensitive information can help to build confidence and trust so that such information can be shared with authorized users. This Strategy recognizes this vital information for what it is — a national asset that must be both protected and shared, as appropriate. The threats to our national security are constantly evolving, so U.S. government policies to ensure this information is used and protected as intended must evolve as well. This includes protecting private and personal information about U.S. persons and upholding our commitment to transparency. This Strategy makes it clear that the individual privacy, civil rights, and civil liberties of U.S. persons must be — and will be — protected. Core principles The Strategy is grounded in three core principles. First, in treating information as a national asset, we recognize that departments and agencies have achieved an unprecedented ability to gather, store, and use information consistent with their missions and applicable legal authorities; correspondingly they have an obligation to make that information available to support national security missions. Second, our approach recognizes that information sharing and safeguarding requires shared risk nanagement. In order to build and sustain the trust required to share with one another, we must work together to identify and collectively reduce risk, rather than avoiding information loss by not sharing at all. Third, the core premise information informs decisionmaking underlies all our actions and reminds us better decisionmaking is the purpose of sharing information in the first place. Goals The Strategy focuses on achieving five goals: # Drive Collective Action through Collaboration and Accountability. We can best reach our shared vision when working together, using governance models that enable mission achievement, adopting common processes where possible to build trust, simplifying the information sharing agreement development process, and supporting efforts through performance management, training, and incentives. # Improve Information Discovery and Access through Common Standards. Improving discovery and access involves developing clear policies for making information available to approved individuals. Secure discovery and access relies on identity, authentication, and authorization controls, data tagging, enterprise-wide data correlation, common information sharing standards, and a rigorous process to certify and validate their use. # Optimize Mission Effectiveness through Shared Services and Interoperability. Efforts to optimize mission effectiveness include shared services, data and network interoperability, and increased efficiency in acquisition. # Strengthen Information Safeguarding through Structural Reform, Policy, and Technical Solutions. To foster trust and safeguard our information, policies and coordinating bodies must focus on identifying, preventing, and mitigating insider threats and external intrusions, while departments and agencies work to enhance capabilities for data-level controls, automated monitoring, and cross-classification solutions. # Protect Privacy, Civil Rights, and Civil Liberties through Consistency and Compliance. Integral to maintaining the public trust is increasing the consistency by which we apply privacy, civil rights, and civil liberties protections across the government, building corresponding safeguards into the development of information sharing operations, and promoting accountability and compliance mechanisms. Category:Publication Category:Data Category:Security